Hi,
In the following code, namei() call is done in doutimensat(), and
nd.ni_vp is passed to dovutimens() as vp.
In the same way, in dofutimens() the vp (from getvnode) is vref() before
calling dovutimens().
So I think we should call vput() before returning any error.
--
Sebastien Marie
Index: kern/vfs_syscalls.c
===================================================================
RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.257
diff -u -p -r1.257 vfs_syscalls.c
--- kern/vfs_syscalls.c 26 Jun 2016 14:27:14 -0000 1.257
+++ kern/vfs_syscalls.c 26 Jun 2016 15:57:09 -0000
@@ -2332,13 +2332,17 @@ dovutimens(struct proc *p, struct vnode
}
if (ts[0].tv_nsec != UTIME_OMIT) {
- if (ts[0].tv_nsec < 0 || ts[0].tv_nsec >= 1000000000)
- return (EINVAL);
+ if (ts[0].tv_nsec < 0 || ts[0].tv_nsec >= 1000000000) {
+ error = EINVAL;
+ goto out;
+ }
vattr.va_atime = ts[0];
}
if (ts[1].tv_nsec != UTIME_OMIT) {
- if (ts[1].tv_nsec < 0 || ts[1].tv_nsec >= 1000000000)
- return (EINVAL);
+ if (ts[1].tv_nsec < 0 || ts[1].tv_nsec >= 1000000000) {
+ error = EINVAL;
+ goto out;
+ }
vattr.va_mtime = ts[1];
}
@@ -2347,6 +2351,7 @@ dovutimens(struct proc *p, struct vnode
error = EROFS;
else
error = VOP_SETATTR(vp, &vattr, p->p_ucred, p);
+out:
vput(vp);
return (error);
}
